kbs: shrink the size of docker image
After this patch, the image size will be ~215MB

Close #416

Signed-off-by: Xynnn007 <[email protected]>
Xynnn007 committed Jun 14, 2024
1 parent 92383f3 commit 58dece8
Showing 1 changed file with 13 additions and 19 deletions.
32 changes: 13 additions & 19 deletions kbs/docker/Dockerfile
@@ -41,31 +41,25 @@ RUN cargo install --locked --path kbs/src/kbs --no-default-features --features c
FROM ubuntu:22.04
ARG ARCH=x86_64

WORKDIR /tmp

RUN apt-get update && \
apt-get install -y \
clang \
curl \
gnupg-agent
gnupg-agent && \
apt clean all && \
rm -rf /tmp/*

# Install TDX Runtime Dependencies
# Install Runtime Dependencies
RUN if [ "${ARCH}" = "x86_64" ]; then curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \
gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg; fi
RUN if [ "${ARCH}" = "x86_64" ]; then echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list; fi
RUN apt-get update
RUN if [ "${ARCH}" = "x86_64" ]; then apt-get install -y --no-install-recommends \
gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
apt-get update && \
apt-get install -y --no-install-recommends \
libsgx-dcap-default-qpl \
libsgx-dcap-quote-verify \
tpm2-tools; fi

# Intel PCCS URL Configurations
# If you want the AS in KBS to connect to your customized PCCS for Intel TDX/SGX evidence verification,
# please modify this parameter.
# Default using localhost PCCS (Run in Host which the container land on).
ENV INTEL_PCCS_URL "https://localhost:8081/sgx/certification/v4/"
ENV INTEL_PCCS_USE_SECURE_CERT false

# Setup Intel PCCS URL
RUN if [ "${ARCH}" = "x86_64" ]; then sed -i "s|\"pccs_url\":.*$|\"pccs_url\":$INTEL_PCCS_URL,|" /etc/sgx_default_qcnl.conf; \
sed -i "s/\"use_secure_cert\":.*$/\"use_secure_cert\":$INTEL_PCCS_USE_SECURE_CERT,/" /etc/sgx_default_qcnl.conf; fi
tpm2-tools && \
apt clean all; \
fi

COPY --from=builder /usr/local/cargo/bin/kbs /usr/local/bin/kbs
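Review bot: The Intel PCCS configuration step (the `INTEL_PCCS_URL` / `INTEL_PCCS_USE_SECURE_CERT` settings and the `sed` edits of `/etc/sgx_default_qcnl.conf`) appears to be dropped from the runtime stage, yet the commit message only mentions image size. The image would then presumably ship whatever defaults the `libsgx-dcap-default-qpl` package installs, which decides where TDX/SGX quote-verification collateral is fetched from and whether the PCCS certificate is checked; if that is intended, a comment should say so, e.g. `# PCCS is not configured here; mount a customized /etc/sgx_default_qcnl.conf to select the PCCS endpoint and TLS policy.` Separately, the `curl ... | gpg --dearmor` pipe in the combined `RUN` executes under the default shell without `pipefail`, so a failed key download is not what stops the build; a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before it would make the failure explicit. The cleanup in both `RUN` steps uses `apt clean all` (and `rm -rf /tmp/*`), which leaves the package index behind; `rm -rf /var/lib/apt/lists/*` in the same layer is the usual fix for a size-focused change. The stage begins before this hunk and may continue after it.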
